<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Crash in com.apple.JavaScriptCore: JSC::JSObject::visitButterfly + 302"
   href="https://bugs.webkit.org/show_bug.cgi?id=164897">164897</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Crash in com.apple.JavaScriptCore: JSC::JSObject::visitButterfly + 302
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>JavaScriptCore
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>ryanhaddad&#64;apple.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=295108" name="attach_295108" title="Crash log">attachment 295108</a> <a href="attachment.cgi?id=295108&amp;action=edit" title="Crash log">[details]</a></span>
Crash log

Encountered with LayoutTest sputnik/Unicode/Unicode_510/S7.6_A3.2.html

<a href="https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/r208860%20(16285)/results.html">https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/r208860%20(16285)/results.html</a>

Thread 13 Crashed:: WTF::AutomaticThread
0   com.apple.JavaScriptCore          0x000000010a1ff937 WTFCrash + 39
1   com.apple.JavaScriptCore          0x0000000109c8847e JSC::JSObject::visitButterfly(JSC::SlotVisitor&amp;, JSC::Butterfly*, JSC::Structure*) + 302
2   com.apple.JavaScriptCore          0x0000000109c759c6 JSC::JSObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&amp;) + 518
3   com.apple.JavaScriptCore          0x0000000109cac853 JSC::JSScope::visitChildren(JSC::JSCell*, JSC::SlotVisitor&amp;) + 307
4   com.apple.JavaScriptCore          0x0000000109cbdd13 JSC::JSSymbolTableObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&amp;) + 307
5   com.apple.JavaScriptCore          0x0000000109cb04e3 JSC::JSSegmentedVariableObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&amp;) + 307
6   com.apple.JavaScriptCore          0x0000000109bec533 JSC::JSGlobalObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&amp;) + 307
7   com.apple.WebCore                 0x000000010da81e1e WebCore::JSDOMGlobalObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&amp;) + 366
8   com.apple.WebCore                 0x000000010dbac553 WebCore::JSDOMWindowBase::visitChildren(JSC::JSCell*, JSC::SlotVisitor&amp;) + 307
9   com.apple.WebCore                 0x000000010daf16d3 WebCore::JSDOMWindow::visitChildren(JSC::JSCell*, JSC::SlotVisitor&amp;) + 307
10  com.apple.JavaScriptCore          0x0000000109fc9bcd JSC::SlotVisitor::visitChildren(JSC::JSCell const*) + 269
11  com.apple.JavaScriptCore          0x0000000109fc847a JSC::SlotVisitor::drain(WTF::MonotonicTime) + 538
12  com.apple.JavaScriptCore          0x0000000109fc8cd5 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 2005
13  com.apple.JavaScriptCore          0x00000001099d1df6 JSC::Heap::markToFixpoint(double)::$_1::operator()() const + 774
14  com.apple.JavaScriptCore          0x00000001099d1abc WTF::SharedTaskFunctor&lt;void (), JSC::Heap::markToFixpoint(double)::$_1&gt;::run() + 28
15  com.apple.JavaScriptCore          0x000000010a23f4d0 WTF::ParallelHelperClient::runTask(WTF::RefPtr&lt;WTF::SharedTask&lt;void ()&gt; &gt;) + 176
16  com.apple.JavaScriptCore          0x000000010a2404f2 WTF::ParallelHelperPool::Thread::work() + 66
17  com.apple.JavaScriptCore          0x000000010a2652d3 WTF::AutomaticThread::start(WTF::Locker&lt;WTF::LockBase&gt; const&amp;)::$_0::operator()() const + 579
18  com.apple.JavaScriptCore          0x000000010a26507d void std::__1::__invoke_void_return_wrapper&lt;void&gt;::__call&lt;WTF::AutomaticThread::start(WTF::Locker&lt;WTF::LockBase&gt; const&amp;)::$_0&amp;&gt;(WTF::AutomaticThread::start(WTF::Locker&lt;WTF::LockBase&gt; const&amp;)::$_0&amp;&amp;&amp;) + 45
19  com.apple.JavaScriptCore          0x000000010a264e6c std::__1::__function::__func&lt;WTF::AutomaticThread::start(WTF::Locker&lt;WTF::LockBase&gt; const&amp;)::$_0, std::__1::allocator&lt;WTF::AutomaticThread::start(WTF::Locker&lt;WTF::LockBase&gt; const&amp;)::$_0&gt;, void ()&gt;::operator()() + 44
20  com.apple.JavaScriptCore          0x0000000109770e2a std::__1::function&lt;void ()&gt;::operator()() const + 26
21  com.apple.JavaScriptCore          0x000000010a277d0e WTF::threadEntryPoint(void*) + 158
22  com.apple.JavaScriptCore          0x000000010a2797b1 WTF::wtfThreadEntryPoint(void*) + 289
23  libsystem_pthread.dylib           0x7fff8a09405a _pthread_body + 131 (~rc/Software/SUSyrahFalls/Projects/libpthread/libpthread-105.40.1/src/pthread.c:644)
24  libsystem_pthread.dylib           0x7fff8a093fd7 _pthread_start + 176 (~rc/Software/SUSyrahFalls/Projects/libpthread/libpthread-105.40.1/src/pthread.c:680)
25  libsystem_pthread.dylib           0x7fff8a0913ed thread_start + 13 (~rc/Software/SUSyrahFalls/Projects/libpthread/libpthread-105.40.1/src/pthread_asm.s:57)</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>